@inproceedings{9c2d61f49a7848eda29b907d53e41a4f,
title = "Preventing neural network model exfiltration in machine learning hardware accelerators",
abstract = "Machine learning (ML) models are often trained using private datasets that are very expensive to collect, or highly sensitive, using large amounts of computing power. The models are commonly exposed either through online APIs, or used in hardware devices deployed in the field or given to the end users. This provides an incentive for adversaries to steal these ML models as a proxy for gathering datasets. While API-based model exfiltration has been studied before, the theft and protection of machine learning models on hardware devices have not been explored as of now. In this work, we examine this important aspect of the design and deployment of ML models. We illustrate how an attacker may acquire either the model or the model architecture through memory probing, side-channels, or crafted input attacks, and propose (1) power-efficient obfuscation as an alternative to encryption, and (2) timing side-channel countermeasures.",
keywords = "Neural network, hardware security, inference, memory probing, model exfiltration, model theft, side-channels",
author = "Mihailo Isakov and Lake Bu and Hai Cheng and Kinsy, {Michel A.}",
note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 2018 Asian Hardware Oriented Security and Trust Symposium, AsianHOST 2018 ; Conference date: 17-12-2018 Through 18-12-2018",
year = "2019",
month = jan,
day = "9",
doi = "10.1109/AsianHOST.2018.8607161",
language = "English (US)",
series = "Proceedings of the 2018 Asian Hardware Oriented Security and Trust Symposium, AsianHOST 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "62--67",
booktitle = "Proceedings of the 2018 Asian Hardware Oriented Security and Trust Symposium, AsianHOST 2018",
}